Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: po...@debian.org

Low severity security fix, synched up with Emilio on IRC for the upload. Cheers, Moritz diff -Nru cairo-1.16.0/debian/changelog cairo-1.16.0/debian/changelog --- cairo-1.16.0/debian/changelog 2019-03-15 08:57:56.000000000 +0100 +++ cairo-1.16.0/debian/changelog 2021-01-22 00:02:52.000000000 +0100 @@ -1,3 +1,9 @@ +cairo (1.16.0-4+deb10u1) buster; urgency=medium + + * CVE-2020-35492 (Closes: #CVE-2020-35492) + + -- Moritz Mühlenhoff <j...@debian.org> Fri, 22 Jan 2021 00:02:52 +0100 + cairo (1.16.0-4) unstable; urgency=medium * Team upload diff -Nru cairo-1.16.0/debian/patches/CVE-2020-35492.patch cairo-1.16.0/debian/patches/CVE-2020-35492.patch --- cairo-1.16.0/debian/patches/CVE-2020-35492.patch 1970-01-01 01:00:00.000000000 +0100 +++ cairo-1.16.0/debian/patches/CVE-2020-35492.patch 2021-01-22 00:02:52.000000000 +0100 
@@ -0,0 +1,47 @@ +From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 +From: Heiko Lewin <heiko.le...@worldiety.de> +Date: Tue, 15 Dec 2020 16:48:19 +0100 +Subject: [PATCH] Fix mask usage in image-compositor + +[trimmed test case, since not used in Debian build] + +--- + src/cairo-image-compositor.c | 8 ++-- + +--- cairo-1.16.0.orig/src/cairo-image-compositor.c ++++ cairo-1.16.0/src/cairo-image-compositor.c +@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_rende + unsigned num_spans) + { + cairo_image_span_renderer_t *r = abstract_renderer; +- uint8_t *m; ++ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); + int x0; + + if (num_spans == 0) + return CAIRO_STATUS_SUCCESS; + + x0 = spans[0].x; +- m = r->_buf; ++ m = base; + do { + int len = spans[1].x - spans[0].x; + if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { +@@ -2646,7 +2646,7 @@ _inplace_src_spans (void *abstract_rende + spans[0].x, y, + spans[1].x - spans[0].x, h); + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else if (spans[0].coverage == 0x0) { + if (spans[0].x != x0) { +@@ -2675,7 +2675,7 @@ _inplace_src_spans (void *abstract_rende + #endif + } + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else { + *m++ = spans[0].coverage; diff -Nru cairo-1.16.0/debian/patches/series cairo-1.16.0/debian/patches/series --- cairo-1.16.0/debian/patches/series 2019-03-15 08:57:56.000000000 +0100 +++ cairo-1.16.0/debian/patches/series 2021-01-22 00:02:52.000000000 +0100 @@ -4,3 +4,4 @@ 06_hurd-map-noreserve.patch git-pdf-add-missing-flush.patch ft-Use-FT_Done_MM_Var-instead-of-free-when-available-in-c.patch +CVE-2020-35492.patch
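Review bot: In the debian/changelog hunk, `Closes: #CVE-2020-35492` puts a CVE id where a Debian bug number is expected, so the upload will not close any bug. Either use the number of the bug that tracks this CVE or drop the Closes clause. The entry should also say what is fixed, for example that it applies the upstream "Fix mask usage in image-compositor" change, so that someone reading the changelog does not need to open the patch to learn what changed.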
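Review bot: In the first hunk of debian/patches/CVE-2020-35492.patch (`_inplace_src_spans`, at `@@ -2601,14 +2601,14 @@`), `base` is initialised in the declaration from `pixman_image_get_data(r->mask)`, ahead of the `num_spans == 0` early return, and nothing in the visible context shows that `r->mask` is non-NULL on this path or that its buffer is large enough for the `*m++ = spans[0].coverage` writes that now land in it instead of `r->_buf`. Since this is the memory-safety fix itself, the patch header should state which setup code guarantees the mask and its width for this renderer, or the assignment could move below the early return with an assertion on `r->mask`. The header would also benefit from a note on how the trimmed test case can be run by hand, because the Debian build does not exercise it.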